Why the Latest NSA Leak Is the Scariest of All

The National Security Agency programs revealed yesterday (Sept. 5) in three media reports were perhaps the most important revelations yet this summer, and have profound implications for everyone who uses the Internet.

The reports make clear that the NSA and its British counterpart Government Communications Headquarters (GCHQ), have been methodically undermining the vast encryption-based "web of trust" that makes possible secure online financial transactions, communications and other sensitive transmissions.

The spy agencies' activities have gone on for more than a decade. Like a silent but pervasive cancer, they have penetrated and weakened every corner of the Internet.

"Not only does the worst possible hypothetical ... appear to be true," wrote Johns Hopkins cryptographer Matthew Green on his blog last night, "but it's true on a scale I couldn't even imagine."

"The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: We can no longer trust them," wrote American encryption expert Bruce Schneier on the website of the British newspaper The Guardian.

Subterfuge by any means necessary

The surveillance programs, named "Manassas," "Bullrun" and "Edgehill" after battles in the American and English civil wars, not only built powerful computers to crack encryption protocols.

They also coerced technology companies into handing over encryption keys, infiltrated NSA and GCHQ personnel onto corporate staffs, broke into the computer servers of uncooperative companies to steal information and ensured that some companies built "backdoors" into their technology so that the spy agencies would always have access.

Perhaps most egregiously of all, the NSA and GCHQ deliberately poisoned publicly distributed encryption standards, used by hundreds of millions of people across the world every day, so that the standards would be secretly — but fatally — flawed.

"The (actually substantial) goodwill that NSA built up in the public crypto community over the last two decades was wiped out today," tweeted University of Pennsylvania cryptography expert Matt Blaze.

The implications are that, if they wanted to, the spy agencies could access nearly every Internet-based purchase, money transfer, email, Internet phone call, instant message or file transfer made by anyone, anywhere.

Early hints of secret tampering

The programs were revealed by documents provided in June to The Guardian by former NSA contractor Edward Snowden, who has since taken refuge in Russia.

The Guardian, which has come under pressure from GCHQ to stop publishing Snowden material, shared the documents with The New York Times and the American nonprofit online outlet Pro Publica.

All three publications simultaneously posted stories on their websites yesterday afternoon.

The media outlets, wary of undermining national security in both countries, did not specify which encryption protocols have been compromised. (The spy agencies had asked that the stories not be published at all.)

But at least one has already been identified: Dual Elliptic Curve Deterministic Random Bit Generator, or Dual_EC_DRBG, a random-number generator developed by the NSA and endorsed by the U.S. federal government's National Institute of Standards and Technology (NIST) in 2007. (Random-number generators are essential to the operation of many encryption protocols.)

That same year, Schneier noted that Dual_EC_DRBG was subtly flawed in a way that permitted the holder of a secret key — an unknown numerical constant — to completely undermine encryption protocols based on it.

"Not only is [Dual_EC_DRBG] a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA," Schneier wrote in a November 2007 Wired article. "We have no way of knowing whether an NSA employee working on his own came up with the constants — and has the secret numbers."

Schneier, a source for some Tom's Guide articles, revealed yesterday that he has been helping The Guardian analyze the Snowden documents, and for that purpose had even bought a new computer that "has never been connected to the Internet."

"What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period," Schneier wrote in an opinion piece published on the Guardian website yesterday.

How to protect yourself — maybe

On the Guardian site, Schneier offered advice to readers seeking to keep their data private: Use the anonymizing Internet service Tor, encrypt emails and other communications and use open-source encryption software instead of commercial encryption products.

"My guess is that most encryption products from large US companies have NSA-friendly backdoors," Schneier wrote, "and many foreign ones probably do as well."

Yet even Schneier's informed recommendations may be only hopeful guesses. Because the Snowden documents did not name all the encryption protocols, pieces of software and technology companies compromised by the NSA and GCHQ, few people know what's safe and what's not.

Tor only offers partial security, and the Times' story implied that the Secure Sockets Layer (SSL) open-source security standard, which underlies nearly all secure Web transactions, had been compromised.

Likewise, the Pretty Good Privacy (PGP) open-source encryption standard, which Schneier also recommended, is so old, so widely used and was once such an irritant to the U.S. government that it would be first on a list of things for the NSA to crack.

However, just because the NSA and GCHQ could be watching you, it doesn't mean they are.

"Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn't," wrote Schneier.

If everyone sees it, no one can lie

It's likely some of the newer open-source technology, such as the Transport Layer Security (TLS) 1.2 Web-security standard (meant to replace SSL but not yet widely adopted), or the free RedPhone and Secure Text Android apps, are not compromised. Their code is openly available for expert review and revision.

It's also likely that closed-source technology developed by major U.S. or British corporations has been compromised. The paranoid rants dating back to the 1990s about NSA backdoors in Microsoft software or Intel chips suddenly make sense.

Even the story published last month by the German magazine Die Zeit, which suspected that Microsoft's Trusted Computing chips were secret NSA backdoors, and which we dismissed as exaggerated, no longer seems unreasonable.

"I'm no longer the crank," wrote Green on his blog yesterday, referring to his own speculation about NSA activities. "I wasn't even close to cranky enough."

Undermining your security to keep you secure

The NSA and GCHQ will argue that undermining every possible piece of encryption and security is necessary for the greater good of keeping the U.S. and Britain free from terrorism, and that their adversaries in Russia and China are trying to do the same thing. (Some intelligence experts think Snowden has been a Russian agent all along.)

"Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities," the Office of the Director of National Intelligence, James Clapper, said in a statement today (Sept. 6) and posted on Pro Publica's website. "Our intelligence community would not be doing its job if we did not try to counter that. … The fact that NSA's mission includes deciphering enciphered communications is not a secret, and is not news."

"The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity," the statement said. "Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions."

But the collateral damage from these programs may be worse than a terrorist attack. From now on, suspicion will be cast on all products from major U.S. technology companies — the key players in an industrial sector in which the U.S. is trying to maintain dominance.

Why should consumers, business or foreign governments trust software from Microsoft or McAfee, hardware from Intel or Cisco, or anything from Apple? Why buy American when cheaper Chinese products are no less secure?

A statement made a month ago by Ladar Levison, founder of the small secure email provider Lavabit, which shut down in response to government pressure, has even more resonance today.

"I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States," Levison said in a note explaining the Lavabit closure.